﻿<%
' Shared include: opens the page-wide ADO connection to the Access database.
' dbconnection and DBPath are script-level names, so every page that includes
' this file sees them.
'
' Security notes for maintainers:
' - Server.MapPath("/db/...") resolves a virtual path, so the .mdb file lives
'   inside the web-mapped tree.
' - NOTE(review): the "##" in the file name looks like an attempt to stop the
'   file being fetched by URL - confirm the server denies requests for /db/
'   and *.mdb instead of relying on the name, or move the file out of the site.
' - Nothing in this file closes the connection; confirm the including pages do.
Set dbconnection = Server.CreateObject("ADODB.CONNECTION")
DBPath = Server.MapPath("/db/##Main.mdb")
dbconnection.Open "driver={Microsoft Access Driver (*.mdb)};dbq=" & DBPath

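' Reads request parameter Name and returns it only if it looks like a short
' number; otherwise returns the string "0".
'
' Parameters:
'   Name - key looked up with Request(Name). That call searches the query
'          string, form, cookies and server variables, so the value can come
'          from any of them.
' Returns:
'   The trimmed value when it is 1-8 characters long and IsNumeric accepts it,
'   else "0". The result is always a string.
'
' Security notes:
' - IsNumeric is broader than "digits only": it also accepts signs, decimal
'   and thousands separators, exponent and hexadecimal notation and currency
'   symbols. The result is therefore not guaranteed to be a plain integer.
' - NOTE(review): callers that place the result in SQL should convert it
'   (for example with CLng) or bind it as a query parameter; callers are not
'   visible here, so confirm how the value is used.
Function SelfRequestNumber(Name)
	' Declared locally so the function cannot overwrite a script-level "r" on
	' the including page, and so it still works under Option Explicit.
	Dim r

	r = Trim(Request(Name))

	' An empty value is mapped to "0" up front because some pages call this
	' without supplying the parameter; over-long values are rejected the same
	' way. (An earlier variant ended the response here instead.)
	If Len(r) > 8 Or r = "" Then
		r = "0"
	ElseIf Not IsNumeric(r) Then
		' ID value check: anything that is not numeric becomes "0".
		r = "0"
	End If

	SelfRequestNumber = r
End Function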

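' Reads request parameter Name and returns it with every blocked token removed.
'
' Parameters:
'   Name - key looked up with Request(Name). That call searches the query
'          string, form, cookies and server variables.
' Returns:
'   The value with all occurrences of the tokens in nothis stripped,
'   regardless of letter case.
'
' Changes from the earlier version:
' - r, i and the pass marker are declared locally, so the loop no longer
'   overwrites a script-level "i" or "r" on the including page.
' - Matching is case-insensitive (vbTextCompare). SQL keywords are not
'   case-sensitive, so the old binary comparison let other casings through.
' - Stripping repeats until a full pass changes nothing. A single pass could
'   leave a blocked token behind when removing one token joined the text on
'   either side of it.
'
' Security notes:
' - This is a deny-list and remains a weak control. It also damages ordinary
'   text: "from", "count", "asc", "char" and "mid" are removed even inside
'   longer words, and quotes, colons and percent signs are dropped.
' - NOTE(review): the durable fix is at the call sites - pass values through
'   ADODB.Command parameters instead of concatenating them into SQL, and
'   HTML-encode on output. Callers are not visible here.
Function SelfRequestString(Name)
	Dim r, i, beforePass, nothis

	' Token list kept exactly as before; only the comparison mode and the
	' number of passes changed.
	nothis = Array( _
		"net user", _
		"xp_cmdshell", _
		"/add", _
		"exec%20master.dbo.xp_cmdshell", _
		"net localgroup administrators", _
		"select", _
		"count", _
		"asc", _
		"char", _
		"mid", _
		"'", _
		":", _
		"""", _
		"insert", _
		"delete", _
		"drop", _
		"truncate", _
		"from", _
		"%")

	r = Request(Name)

	' Each change shortens r, so the loop always terminates.
	Do
		beforePass = r
		For i = 0 To UBound(nothis)
			r = Replace(r, nothis(i), "", 1, -1, vbTextCompare)
		Next
	Loop While r <> beforePass

	SelfRequestString = r
End Function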
%>
